{"report_id":"35b97486-ac33-4849-a731-58c993b4af99","version":6,"status":"done","tags":[],"date":"2025-12-04T05:23:09Z","url":{"schema":"http","addr":"ji1243.top/","fqdn":"ji1243.top","domain":"ji1243.top","tld":"top"},"ip":{"addr":"156.254.21.155","port":0,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"title":"2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","dom":{"size":4412,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (2358)","md5":"4e26dbab988a61df58ffb08b8b8701c4","sha1":"08cd009d10d79f85de88470e2b643b870f615fd5","sha256":"d4e2c9bb4f22575a510f4c6ee846fa8f91bb7b4d0ab39a6ef56c883242cf1a5b","sha512":"0ddbdf54d260ca2c0f4b000fefc5441932132ba49bdb386c99060572204c400550555f05640809087f48bb933188e684c26ea257515232e6129189343c6c138f","ssdeep":"48:I6hAnNfEgMv1vyR2zCL5bKFy71RBM32SYErKJgnmVsrJqEKKBNnguqicMEwgdqSV:/hACgKvyozcAMBQ2AwrwiqSv14EF","tlshash":"5f910f30885d505b0323d9c8a266bb4e7697e3ae995bc0046fed83981fd3cb1c92f974","dom_hash":"domhash76c2fbdb9797e136cbd1d51a530f9c0c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ji1243.top/","fqdn":"ji1243.top","domain":"ji1243.top","tld":"top"},"ip":{"addr":"156.254.21.155","port":0,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-08T05:23:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":9,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-04T05:22:49Z","timestamp":1764825769,"ip_dst":{"addr":"156.254.21.154","port":80,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"ip_src":{"addr":"172.18.0.31","port":49490,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-04T05:22:49.591155+0000\",\"flow_id\":409093934775685,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":49490,\"dest_ip\":\"156.254.21.154\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"ji1243.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"//vhq4xyl.0009tva8ncbf.vip?AHn7xfqiUElpphCI\",\"length\":428},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":547,\"bytes_toclient\":1121,\"start\":\"2025-12-04T05:22:49.163205+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-04T05:22:52Z","timestamp":1764825772,"ip_dst":{"addr":"112.74.1.128","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"ip_src":{"addr":"172.18.0.31","port":47002,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2025-12-04T05:22:52.461223+0000\",\"flow_id\":590451076444948,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":47002,\"dest_ip\":\"112.74.1.128\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":765,\"bytes_toclient\":6919,\"start\":\"2025-12-04T05:22:51.930580+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-04T05:22:52Z","timestamp":1764825772,"ip_dst":{"addr":"112.74.1.128","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"ip_src":{"addr":"172.18.0.31","port":46972,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2025-12-04T05:22:52.469772+0000\",\"flow_id\":516908351435061,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":46972,\"dest_ip\":\"112.74.1.128\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":905,\"bytes_toclient\":6919,\"start\":\"2025-12-04T05:22:51.930101+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-04T05:22:52Z","timestamp":1764825772,"ip_dst":{"addr":"112.74.1.128","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"ip_src":{"addr":"172.18.0.31","port":46988,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2025-12-04T05:22:52.475747+0000\",\"flow_id\":1337998724248078,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":46988,\"dest_ip\":\"112.74.1.128\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":753,\"bytes_toclient\":6919,\"start\":\"2025-12-04T05:22:51.930318+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-04T05:22:52Z","timestamp":1764825772,"ip_dst":{"addr":"112.74.1.128","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"ip_src":{"addr":"172.18.0.31","port":46994,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2025-12-04T05:22:52.488347+0000\",\"flow_id\":753490182484629,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":46994,\"dest_ip\":\"112.74.1.128\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":905,\"bytes_toclient\":6919,\"start\":\"2025-12-04T05:22:51.930453+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-04T05:22:52Z","timestamp":1764825772,"ip_dst":{"addr":"112.74.1.128","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"ip_src":{"addr":"172.18.0.31","port":47012,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2025-12-04T05:22:52.729772+0000\",\"flow_id\":1903714636711150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":47012,\"dest_ip\":\"112.74.1.128\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":905,\"bytes_toclient\":6919,\"start\":\"2025-12-04T05:22:52.181486+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-04T05:22:52Z","timestamp":1764825772,"ip_dst":{"addr":"112.74.1.128","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"ip_src":{"addr":"172.18.0.31","port":47032,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2025-12-04T05:22:52.733792+0000\",\"flow_id\":689441482786207,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":47032,\"dest_ip\":\"112.74.1.128\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":753,\"bytes_toclient\":1634,\"start\":\"2025-12-04T05:22:52.181663+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-04T05:22:52Z","timestamp":1764825772,"ip_dst":{"addr":"112.74.1.128","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"ip_src":{"addr":"172.18.0.31","port":47010,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2025-12-04T05:22:52.736328+0000\",\"flow_id\":832766688937015,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":47010,\"dest_ip\":\"112.74.1.128\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":753,\"bytes_toclient\":6919,\"start\":\"2025-12-04T05:22:52.181303+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-04T05:22:52Z","timestamp":1764825772,"ip_dst":{"addr":"112.74.1.128","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"ip_src":{"addr":"172.18.0.31","port":47016,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2025-12-04T05:22:52.740581+0000\",\"flow_id\":2178611871008071,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":47016,\"dest_ip\":\"112.74.1.128\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":905,\"bytes_toclient\":6919,\"start\":\"2025-12-04T05:22:52.181575+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"ji1243.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"2vfoq85.0009tvfeipwp.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"504h13bbm1ehbx31qvxf.entsbio.com","ip":{"addr":"138.113.219.130","port":6443,"asn":54994,"as":"ML-1432-54994","country":"Germany","country_code":"DE"},"domain_registered":"2011-06-30","domain_rank":0,"first_seen":"2025-10-15T15:37:52.02961Z","last_seen":"2025-11-27T08:17:10.730065Z","alert_count":0,"request_count":2,"received_data":1826,"sent_data":1477,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"collect-v6.51.la","ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":348646,"first_seen":"2021-03-08T16:03:54Z","last_seen":"2025-12-01T02:12:20.766539Z","alert_count":0,"request_count":1,"received_data":369,"sent_data":489,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ji1243.top","ip":{"addr":"154.193.210.102","port":443,"asn":984,"as":"OWS","country":"Seychelles","country_code":"SC"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":1,"received_data":1717,"sent_data":479,"comment":"","tags":null,"fingerprints":null},{"fqdn":"2vfoq85.0009tvfeipwp.top","ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":10,"request_count":10,"received_data":298698,"sent_data":4823,"comment":"","tags":null,"fingerprints":null},{"fqdn":"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com","ip":{"addr":"112.74.1.128","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"domain_registered":"2012-04-01","domain_rank":0,"first_seen":"2025-04-22T22:54:24.605323Z","last_seen":"2025-12-04T01:52:15.079837Z","alert_count":0,"request_count":4,"received_data":1553490,"sent_data":1936,"comment":"","tags":null,"fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"3b2446e9c34c967b85026c9e612042bb","sha1":"ca9096e2a8ec8652439d0c8438b02ae281adad1f","sha256":"43871ba82b62b92150c4696c0c58b84cd3f9406a9fc361d2411080f9d88d0b7c","sha512":"6139395bd905d9a50459383cab88ef64bbdd8c9dbf5bf6aca788db942124b96ff9664715c246d6c68718003c7e0ebca7bf99e2202f6d7489672a561d4e721578","ssdeep":"","tlshash":"ee900202626aaeca0207a18081d0b15130950fc00a1142073c0c4843c070400e825f01","size":54,"data":"","first_seen":"2025-04-16T00:07:03.725086Z","last_seen":"2025-12-21T04:07:50.970987Z","times_seen":211,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-04T16:47:43.255514Z","times_seen":81475,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/config.js","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"954608ccf55c9b3af5f2bc9723146353","sha1":"6ecfa093814e8d462770fed41e67277f3fb957ba","sha256":"88e0b2de8da56f7b91aaa5796f2570f74c9960c918f49b1b3c8f4a80d871cfdd","sha512":"28c548aa130d47d2bbceaf0b8298f44c2fb98c852bf7573f140240de97b5a140875b5ec7003602a66d9d53cc8b5e7c2b0b7ccad8bc424f8e5b958c3932ff0ad8","ssdeep":"","tlshash":"b4e0dfeb9b7ae0fea8b618821b0771b9f4161827fe117440186304aaa167d2f87143c3","size":379,"data":"","first_seen":"2025-04-16T00:07:03.720936Z","last_seen":"2026-02-17T23:59:51.807977Z","times_seen":532,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"b3f6314ecde6204f136d4c4a7964937c","sha1":"80bf770e5a9f67d34b90d090e11074a8eac700b6","sha256":"3e22f227a723de2fb395509d86fd908ea74724a7804b7020cab9e56f57aa41da","sha512":"2d243d7474d59f16a9ade09e109f30de0e7b82f21604033ea15b4a2d3743401fb7b3e179dc87ca7849afc6bf9810d347624abd9a809bbae1b94012d0c808e6f2","ssdeep":"","tlshash":"0fe0cdcd65d650164137799c514f32083553706f687d98007a4c8fc06f9326785935ee","size":311,"data":"","first_seen":"2025-03-03T02:20:49.63542Z","last_seen":"2026-04-04T13:48:37.993157Z","times_seen":2566,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/assets/index-Bie2Gu_t.js","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6b2c00ebf9245d6a5faaad4db8aacd21","sha1":"21836866731cff0d22e065b90dc7fda85c328d21","sha256":"c8224074ed3cfdc1bacddfd877b7c645c40400742e9f1a618fea188138782fb9","sha512":"0b7114eea13d8953ae21626458ffba9058e827427ff6329fd5a120a910ba4cc5beb1d1927e37699a43ff40ffc61b97e2c6449eaf80851f60f0a787511086eb1f","ssdeep":"6144:OZ9MyGLgXguUy5wiswmy68xpywATn5/Hng:49MyWgh5Rmy63ZY","tlshash":"ad246cb97282b46223ba15fa507b0016f7391909780dc5e8f16c6ddb387740a92bbf7d","size":224457,"data":"","first_seen":"2025-11-28T14:32:22.6382Z","last_seen":"2026-02-17T23:59:51.82402Z","times_seen":52,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/assets/template1-pL0ohtZk.js","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"28f840b8c0e07572c3d0cc4ff9f56e31","sha1":"2a67ffda379163ac0fde91f1f86e8bc45aa3ce12","sha256":"281f17960ce7f96e6b10d151b14f531b56e035e6032731a66f0ead9e2d6e30ec","sha512":"f2ca8adaa9759e8a7fbb2edece681a9a26c80505fe07ebc252d025ad6f7b4ce679a2f6ecf2acaf52c15cfe945c7eef8252af400baedd8b687f403476326eca9a","ssdeep":"","tlshash":"3341da8d7e385e7a53f208cb941e3040f93f42e6417c68956a7cdc222a84e62535f766","size":2426,"data":"","first_seen":"2025-11-28T14:32:22.634133Z","last_seen":"2026-01-31T02:45:17.396388Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"2512414f817df8312569d55032748f81","sha1":"13467df6e962aa77bb36867ff1412e1ba9f8feb1","sha256":"e193735f8d500f10e2cdc6a94f5a43fb0257c1e2f8afc10fa04f0e3761d258de","sha512":"db6e4298746d519b0987bfa0feb89c39315718e178418e482b1c10c76439eae343afabf2db35ffaaa26c7ee6a3855084d39e9b88d35b11f87c354ceaf38874a0","ssdeep":"","tlshash":"a590029525c25101965295d4455b5c8450658675249569809180956259550205125cbc","size":47,"data":"","first_seen":"2023-04-11T22:25:25Z","last_seen":"2026-04-04T16:38:42.086694Z","times_seen":19234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/assets/appinstall.js","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8a14913360cd89f0812ea4971df5a16b","sha1":"409a49517dfc31273a84977e1a852ef5ccd60063","sha256":"7c9895f2e57140b2a429c2b5df1eb51b2c0bf49f56365e198fb20a92fe79c1dd","sha512":"afdb6539176c82ae6d211655b974781f7854d7045af9e4f53d66c8c96860c3a0271c27115375c65e93e797585e4e04c9d61fa9464a58a211a0981b2583c0762e","ssdeep":"768:JKOpi9n0gWsgR/DUjVyMcamlyNWAa0kULOLOjOsO3Ow5l5W5P5M5ZgqDdL2fGjcZ:cOpil0gWxbzDqUHJFG+mSsZR1QeyDe","tlshash":"782310c879a2f8501766b172356fd47bf6ab6caaa488c90cd501f4dcfeb4118d533e88","size":47585,"data":"","first_seen":"2023-10-22T09:50:31Z","last_seen":"2026-04-03T21:02:00.970499Z","times_seen":6387,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"ji1243.top/","fqdn":"ji1243.top","domain":"ji1243.top","tld":"top"},"ip":{"addr":"154.193.210.102","port":443,"asn":984,"as":"OWS","country":"Seychelles","country_code":"SC"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-04T05:22:46.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ji6999.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 05 Oct 2025 09:15:31 GMT","end":"Sat, 03 Jan 2026 09:15:30 GMT"},"fingerprint":{"sha1":"08:8E:47:73:ED:FA:92:5E:45:E2:23:B9:A2:90:25:80:DF:CE:AF:39","sha256":"39:68:F7:9D:F3:B6:AA:D5:54:C1:18:AD:04:5C:38:B9:4C:49:8F:AB:A6:59:0E:3B:B3:30:90:A4:56:5F:29:2A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ji1243.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Thu, 04 Dec 2025 05:22:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: private, must-revalidate\r\nLocation: //2vfoq85.0009tvfeipwp.top?dTO0wBAcSPGYYRNQ\r\npragma: no-cache\r\nexpires: -1\r\nSet-Cookie: 086_session=ZZGgHqj8tp5n0MddkfGbO9vVLhiCtp4v0g5LIhaU; expires=Thu, 04 Dec 2025 07:21:51 GMT; Max-Age=7200; path=/; domain=.test.com; httponly; samesite=lax\r\nServer: cdnwaf\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":1232,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":2718,"timings":{"blocked":1243,"dns":606,"connect":209,"send":0,"wait":230,"receive":0,"ssl":427},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-04T05:22:49Z","timestamp":1764825769,"ip_dst":{"addr":"156.254.21.154","port":80,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"ip_src":{"addr":"172.18.0.31","port":49490,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-04T05:22:49.591155+0000\",\"flow_id\":409093934775685,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":49490,\"dest_ip\":\"156.254.21.154\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"ji1243.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"//vhq4xyl.0009tva8ncbf.vip?AHn7xfqiUElpphCI\",\"length\":428},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":547,\"bytes_toclient\":1121,\"start\":\"2025-12-04T05:22:49.163205+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"ji1243.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/config.js","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:49.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"2vfoq85.0009tvfeipwp.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 05:02:26 GMT","end":"Tue, 03 Mar 2026 05:02:25 GMT"},"fingerprint":{"sha1":"A3:3A:56:69:97:65:1C:45:BB:DC:89:3F:43:C9:B2:E4:BC:E9:59:84","sha256":"26:D7:CE:BB:00:C8:FF:66:A7:9B:5C:C6:D6:D6:43:BE:AD:91:67:54:5C:13:5D:EB:0A:96:E7:70:85:10:A6:A3"}}},"request":{"raw":"GET /config.js HTTP/1.1\r\nHost: 2vfoq85.0009tvfeipwp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 04 Dec 2025 05:22:49 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 379\r\nConnection: keep-alive\r\nLast-Modified: Sat, 29 Mar 2025 01:02:09 GMT\r\nETag: \"67e74691-17b\"\r\nExpires: Thu, 04 Dec 2025 17:04:16 GMT\r\nCache-Control: max-age=43200\r\nServer: cdn\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":379,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"954608ccf55c9b3af5f2bc9723146353","sha1":"6ecfa093814e8d462770fed41e67277f3fb957ba","sha256":"88e0b2de8da56f7b91aaa5796f2570f74c9960c918f49b1b3c8f4a80d871cfdd","sha512":"28c548aa130d47d2bbceaf0b8298f44c2fb98c852bf7573f140240de97b5a140875b5ec7003602a66d9d53cc8b5e7c2b0b7ccad8bc424f8e5b958c3932ff0ad8","ssdeep":"","tlshash":"b4e0dfeb9b7ae0fea8b618821b0771b9f4161827fe117440186304aaa167d2f87143c3","first_seen":"2025-04-16T00:07:03.720936Z","last_seen":"2026-02-17T23:59:51.807977Z","times_seen":532,"resource_available":true,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"2vfoq85.0009tvfeipwp.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/api/get_domain","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:51.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"2vfoq85.0009tvfeipwp.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 05:02:26 GMT","end":"Tue, 03 Mar 2026 05:02:25 GMT"},"fingerprint":{"sha1":"A3:3A:56:69:97:65:1C:45:BB:DC:89:3F:43:C9:B2:E4:BC:E9:59:84","sha256":"26:D7:CE:BB:00:C8:FF:66:A7:9B:5C:C6:D6:D6:43:BE:AD:91:67:54:5C:13:5D:EB:0A:96:E7:70:85:10:A6:A3"}}},"request":{"raw":"POST /api/get_domain HTTP/1.1\r\nHost: 2vfoq85.0009tvfeipwp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 27\r\nOrigin: https://2vfoq85.0009tvfeipwp.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":27,"data":"{\"code\":\"dTO0wBAcSPGYYRNQ\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 04 Dec 2025 05:22:51 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding\r\nCache-Control: private, must-revalidate\r\npragma: no-cache\r\nexpires: -1\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With\r\nServer: cdn\r\nX-Cache-Status: MISS\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1830,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"96895f8e2d2ccd891a2a9829b35b4ee5","sha1":"e2997332b21129f10fab50e2ae6077ba06439fc7","sha256":"25e37961e015189792bc03a41fdda687663664d65412ee1345ed3316b0e4115b","sha512":"15974e1fe3c37de648d4f2db26d44639c7eeec65a7481235b7e2d77a07d0084fc5d0c238f71138921e2c95c567a1e8f3c4dfca77552d7f7cd0a57f796d3d311a","ssdeep":"","tlshash":"0b31e0e4bff4c86b165712cffd1ffa1dd8ee210b209c8911ecbc4c542002aaa5b59a51","first_seen":"2025-12-04T05:23:20.417054Z","last_seen":"2025-12-04T05:23:20.417054Z","times_seen":1,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"2vfoq85.0009tvfeipwp.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com/images/vA177UkMutw6B25h.js","fqdn":"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"112.74.1.128","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:51.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.oss-cn-shenzhen.aliyuncs.com","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 22 Jul 2025 07:01:40 GMT","end":"Wed, 04 Feb 2026 03:21:01 GMT"},"fingerprint":{"sha1":"3B:A0:EC:9B:0B:4A:E5:D0:B1:BC:19:1A:9C:14:2C:D8:40:11:9D:AA","sha256":"F3:80:D3:C8:AF:53:07:42:0E:D1:3B:29:1E:56:9F:87:E5:63:3F:40:FF:E3:D7:3A:C2:60:73:13:AC:2A:DF:5B"}}},"request":{"raw":"GET /images/vA177UkMutw6B25h.js HTTP/1.1\r\nHost: uyagyuegr2.oss-cn-shenzhen.aliyuncs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2vfoq85.0009tvfeipwp.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Thu, 04 Dec 2025 05:22:52 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nx-oss-request-id: 69311AAC8054033432D186EB\r\nLast-Modified: Sat, 29 Mar 2025 09:40:21 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 11234293840744382167\r\nx-oss-storage-class: Standard\r\nx-oss-ec: 0048-00000113\r\nContent-Disposition: attachment\r\nx-oss-force-download: true\r\nContent-MD5: Tpht+5Bj82ZSGvVFDlP16g==\r\nx-oss-server-time: 10\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":83943,"size_decoded":0,"mime_type":"application/javascript","magic":"GIF image data, version 89a, 44739 x 49922","md5":"12fb9f7f33270db1dc67185b466d7c27","sha1":"dbcd87f1d0eb2980b9e395f8cc13c7b534af7109","sha256":"3acff95d6305ca377c64f38fa0a2e85e68ed3695171231479797d768b6873737","sha512":"63392357184eebc98572c54f0310a339fd15c514ccc7cb39f698beadfa2bec2e2205ceddd0ab1b3e627afbef1cc1bdc4237b98bc7966421316e205d0b392ebe5","ssdeep":"3072:kW0OY+qxACkmyJK0su1sfb6qVyzU2ChUnXD4yhekr:2+qtkmyJlCgChUT4yEK","tlshash":"abc3e107b222f370d3b666ff681209d8350be7a8e7dbb950f634d2b15d85524728e4d2","first_seen":"2025-05-30T06:56:16.334583Z","last_seen":"2025-12-21T04:07:50.965228Z","times_seen":41,"resource_available":false,"data":null}},"time_used":2221,"timings":{"blocked":827,"dns":29,"connect":261,"send":0,"wait":274,"receive":288,"ssl":534},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com/images/ET6BfExksuXPXMy0.js","fqdn":"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"112.74.1.128","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:51.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.oss-cn-shenzhen.aliyuncs.com","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 22 Jul 2025 07:01:40 GMT","end":"Wed, 04 Feb 2026 03:21:01 GMT"},"fingerprint":{"sha1":"3B:A0:EC:9B:0B:4A:E5:D0:B1:BC:19:1A:9C:14:2C:D8:40:11:9D:AA","sha256":"F3:80:D3:C8:AF:53:07:42:0E:D1:3B:29:1E:56:9F:87:E5:63:3F:40:FF:E3:D7:3A:C2:60:73:13:AC:2A:DF:5B"}}},"request":{"raw":"GET /images/ET6BfExksuXPXMy0.js HTTP/1.1\r\nHost: uyagyuegr2.oss-cn-shenzhen.aliyuncs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2vfoq85.0009tvfeipwp.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Thu, 04 Dec 2025 05:22:52 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nx-oss-request-id: 69311AAC81477F3730ACB9E2\r\nLast-Modified: Tue, 07 Oct 2025 14:12:51 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 14021541598669546244\r\nx-oss-storage-class: Standard\r\nx-oss-ec: 0048-00000113\r\nContent-Disposition: attachment\r\nx-oss-force-download: true\r\nContent-MD5: OUNkqsGkVqZ+QJMOhX6ykw==\r\nx-oss-server-time: 8\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":60590,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"b9daa9787b657c97d5dec525eea5e7ce","sha1":"c78dada427eacd07fa304621347738851cac2217","sha256":"73f5ff400e7da6c4cff642164243ffc6d5003763a465b9ef05b66022f80a4453","sha512":"911f3e1b26d75a44ec66e245f6fc43ee5c0e10af6063a59083c5299e9884af8e34e73c0c9a2669520aff0f60570bcbd351ec4a45757a5132c6730caad4081a12","ssdeep":"1536:xV+C87+tRQzFVr+fRKTorExEcByUEHJW1YskbVhE8MSrsCfrwm88E0fX5MMpe:xV+D+Uzn+fF0ZrEHMS7VhELSoCkm88EH","tlshash":"4993e1001341f3f0d297a0f6a50246d8f54a8fa9ff5aae94c638da711d8a52f76ef0d1","first_seen":"2025-05-30T04:54:02.864159Z","last_seen":"2025-12-21T04:07:50.962488Z","times_seen":27,"resource_available":false,"data":null}},"time_used":1939,"timings":{"blocked":826,"dns":31,"connect":261,"send":0,"wait":274,"receive":10,"ssl":533},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"504h13bbm1ehbx31qvxf.entsbio.com:6443/web/mfwjmbgc/jinshat/init?channelCode=jinshatg\u0026av=0\u0026cv=0\u0026hash=\u0026server=https%3A%2F%2F504h13bbm1ehbx31qvxf.entsbio.com%3A6443\u0026sw=p6Supg\u0026sh=p6akog\u0026sp=1","fqdn":"504h13bbm1ehbx31qvxf.entsbio.com","domain":"entsbio.com","tld":"com"},"ip":{"addr":"138.113.219.130","port":6443,"asn":54994,"as":"ML-1432-54994","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:52.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.entsbio.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 17:05:59 GMT","end":"Mon, 02 Mar 2026 17:05:58 GMT"},"fingerprint":{"sha1":"72:4D:2D:0F:5A:D1:F7:0D:2F:DF:A4:64:E7:39:85:58:79:8F:A7:9A","sha256":"15:B7:7C:6F:55:D8:B7:17:5F:E6:C8:A4:B3:10:C3:3B:70:8F:13:24:C8:A4:AC:1A:A2:EF:B1:E1:25:93:9D:B5"}}},"request":{"raw":"POST /web/mfwjmbgc/jinshat/init?channelCode=jinshatg\u0026av=0\u0026cv=0\u0026hash=\u0026server=https%3A%2F%2F504h13bbm1ehbx31qvxf.entsbio.com%3A6443\u0026sw=p6Supg\u0026sh=p6akog\u0026sp=1 HTTP/1.1\r\nHost: 504h13bbm1ehbx31qvxf.entsbio.com:6443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=utf-8\r\nContent-Length: 2\r\nOrigin: https://2vfoq85.0009tvfeipwp.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2vfoq85.0009tvfeipwp.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: NgxFence\r\ndate: Thu, 04 Dec 2025 05:22:53 GMT\r\ncontent-type: application/json;charset=utf-8\r\naccess-control-allow-origin: https://2vfoq85.0009tvfeipwp.top\r\naccess-control-allow-credentials: true\r\nset-cookie: appinstall_tkid=28464348927; Max-Age=86400; Expires=Fri, 05 Dec 2025 05:22:53 GMT; Path=/\nv-app-mfwjmbgc=1; Max-Age=315360000; Expires=Sun, 02 Dec 2035 05:22:53 GMT; Path=/web/mfwjmbgc/\nv-ch-68a8581ab9d3f75f66cd41ce=1; Max-Age=315360000; Expires=Sun, 02 Dec 2035 05:22:53 GMT; Path=/web/mfwjmbgc/jinshat/\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nvary: Origin, Origin\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":591,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a046534c6dd789ec08c2b234c20fc1c2","sha1":"c6f2ba35f2b4893b8b552bbd0ae9f38f927e91f5","sha256":"ed4c02bc7311109216e51b7526918494d28130b089a869f91c7cc51f3653f429","sha512":"2018c4b356f31bf008225e1243a37d3008f9d31b382eb790d429376de303b1d4d18d8011c853215d30955baf5e989ae4caf630d9d151125e94a6bc9baa62bb07","ssdeep":"","tlshash":"a3f0e1834e514a0de646763201c73e44c52c31a77d589cf8fdc08f1c50ba0e6e52612e","first_seen":"2025-12-04T05:23:20.419141Z","last_seen":"2025-12-04T05:23:20.419141Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1886,"timings":{"blocked":837,"dns":412,"connect":19,"send":0,"wait":210,"receive":0,"ssl":404},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-04T05:22:47.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"2vfoq85.0009tvfeipwp.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 05:02:26 GMT","end":"Tue, 03 Mar 2026 05:02:25 GMT"},"fingerprint":{"sha1":"A3:3A:56:69:97:65:1C:45:BB:DC:89:3F:43:C9:B2:E4:BC:E9:59:84","sha256":"26:D7:CE:BB:00:C8:FF:66:A7:9B:5C:C6:D6:D6:43:BE:AD:91:67:54:5C:13:5D:EB:0A:96:E7:70:85:10:A6:A3"}}},"request":{"raw":"GET /?dTO0wBAcSPGYYRNQ HTTP/1.1\r\nHost: 2vfoq85.0009tvfeipwp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 04 Dec 2025 05:22:49 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 28 Nov 2025 06:37:40 GMT\r\nVary: Accept-Encoding, Accept-Encoding\r\nETag: W/\"69294334-4d0\"\r\nServer: cdn\r\nX-Cache-Status: MISS\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1232,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"0c724e6c0a15cfa75c861b0adac5057f","sha1":"cfa6be7e75bad77a529d3e5e66396d77936fd7ab","sha256":"bab531345d189915a32977b2e018d1a80a9d571aac6c96e3ff40a16649c7eb93","sha512":"3ea6d6a726a0b59c78a23f7742c9bf7faae0b0b74cb253a4f90fea7b56a77b7d84ec49f90f9d0db3fabf5c025570239d48aeb9e0f683e89b3d68ecd624c32974","ssdeep":"","tlshash":"30219e48a4fb8915313321069c71b2087ea3ea0fc658ef9176ae457d7f8176648475ac","first_seen":"2025-11-28T14:32:22.614996Z","last_seen":"2026-02-17T23:59:51.81973Z","times_seen":52,"resource_available":true,"data":null}},"time_used":3908,"timings":{"blocked":1835,"dns":1120,"connect":235,"send":0,"wait":238,"receive":0,"ssl":477},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"2vfoq85.0009tvfeipwp.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/assets/index-Bie2Gu_t.js","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:49.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"2vfoq85.0009tvfeipwp.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 05:02:26 GMT","end":"Tue, 03 Mar 2026 05:02:25 GMT"},"fingerprint":{"sha1":"A3:3A:56:69:97:65:1C:45:BB:DC:89:3F:43:C9:B2:E4:BC:E9:59:84","sha256":"26:D7:CE:BB:00:C8:FF:66:A7:9B:5C:C6:D6:D6:43:BE:AD:91:67:54:5C:13:5D:EB:0A:96:E7:70:85:10:A6:A3"}}},"request":{"raw":"GET /assets/index-Bie2Gu_t.js HTTP/1.1\r\nHost: 2vfoq85.0009tvfeipwp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 04 Dec 2025 05:22:50 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 28 Nov 2025 06:37:40 GMT\r\nVary: Accept-Encoding, Accept-Encoding\r\nETag: W/\"69294334-36cc9\"\r\nExpires: Thu, 04 Dec 2025 17:04:16 GMT\r\nCache-Control: max-age=43200\r\nServer: cdn\r\nX-Cache-Status: HIT\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":224457,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (63248)","md5":"6b2c00ebf9245d6a5faaad4db8aacd21","sha1":"21836866731cff0d22e065b90dc7fda85c328d21","sha256":"c8224074ed3cfdc1bacddfd877b7c645c40400742e9f1a618fea188138782fb9","sha512":"0b7114eea13d8953ae21626458ffba9058e827427ff6329fd5a120a910ba4cc5beb1d1927e37699a43ff40ffc61b97e2c6449eaf80851f60f0a787511086eb1f","ssdeep":"6144:OZ9MyGLgXguUy5wiswmy68xpywATn5/Hng:49MyWgh5Rmy63ZY","tlshash":"ad246cb97282b46223ba15fa507b0016f7391909780dc5e8f16c6ddb387740a92bbf7d","first_seen":"2025-11-28T14:32:22.6382Z","last_seen":"2026-02-17T23:59:51.82402Z","times_seen":52,"resource_available":true,"data":null}},"time_used":1177,"timings":{"blocked":232,"dns":0,"connect":0,"send":0,"wait":472,"receive":473,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"2vfoq85.0009tvfeipwp.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/favicon.ico","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"207.148.45.108","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:51.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"2vfoq85.0009tvfeipwp.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 05:02:26 GMT","end":"Tue, 03 Mar 2026 05:02:25 GMT"},"fingerprint":{"sha1":"A3:3A:56:69:97:65:1C:45:BB:DC:89:3F:43:C9:B2:E4:BC:E9:59:84","sha256":"26:D7:CE:BB:00:C8:FF:66:A7:9B:5C:C6:D6:D6:43:BE:AD:91:67:54:5C:13:5D:EB:0A:96:E7:70:85:10:A6:A3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 2vfoq85.0009tvfeipwp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 04 Dec 2025 05:22:51 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding\r\nCache-Control: private, must-revalidate\r\npragma: no-cache\r\nexpires: -1\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With\r\nSet-Cookie: 086_session=eyJpdiI6Im0yWFJzczY4N1hrbk5uU0ZncUo4SXc9PSIsInZhbHVlIjoiYkdFODEySS9KSnJleS82NFhGbzlCYklodmREQWxxU3lLY1lFSWN5RDFQZGI5d0czeUxjaytQT2NzMW9WT2FFWjJROGxlOFppUmJmZXJ1TWtjT3FQc1FobWJjWjVZUS9lK01QR0FwNlNvSzdvV3daMnBEOWozZGdKY3RLb2RwbUUiLCJtYWMiOiJkNWIxNjU3OWRmNDIyMGU5YzJjNWNjNjlkMWNmOTZhNTFmYWM5ZThjNGJlYjU2NGQ5MTQ1MjU1NDUzOWVjNTU2IiwidGFnIjoiIn0%3D; expires=Thu, 04 Dec 2025 07:06:05 GMT; Max-Age=7200; path=/; domain=.test.com; httponly; samesite=lax\r\nServer: cdn\r\nX-Cache-Status: HIT\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":634,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"841ac49b2ed3215ec0cfe0845671348a","sha1":"adba10b56f09c89a3ce72b1a289a1d281c0b6497","sha256":"4d6ddcd6302982dad484f3435040d31567a5670d333c0921b45bca6b5d931bf7","sha512":"5c1836d244745e19d642ef036b8f0b484b6c24b88c4198e6a525006eedc2d5ad9d7e93bc6f8f5c3c2bd2a6fccd67f59c7b317e237a7a994fb85c71a1626d3a7f","ssdeep":"","tlshash":"38f0a2525053541951b0c160b8e4fb050dc58e62c7961d753acc669e5fcdd55c5f33ec","first_seen":"2025-01-20T01:31:06.237644Z","last_seen":"2026-02-17T23:59:51.814502Z","times_seen":613,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":247,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"2vfoq85.0009tvfeipwp.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/assets/template1-DWHVZMGN.css","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:51.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"2vfoq85.0009tvfeipwp.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 05:02:26 GMT","end":"Tue, 03 Mar 2026 05:02:25 GMT"},"fingerprint":{"sha1":"A3:3A:56:69:97:65:1C:45:BB:DC:89:3F:43:C9:B2:E4:BC:E9:59:84","sha256":"26:D7:CE:BB:00:C8:FF:66:A7:9B:5C:C6:D6:D6:43:BE:AD:91:67:54:5C:13:5D:EB:0A:96:E7:70:85:10:A6:A3"}}},"request":{"raw":"GET /assets/template1-DWHVZMGN.css HTTP/1.1\r\nHost: 2vfoq85.0009tvfeipwp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 04 Dec 2025 05:22:51 GMT\r\nContent-Type: text/css\r\nContent-Length: 508\r\nConnection: keep-alive\r\nLast-Modified: Fri, 28 Nov 2025 06:37:40 GMT\r\nETag: \"69294334-1fc\"\r\nExpires: Thu, 04 Dec 2025 17:06:05 GMT\r\nCache-Control: max-age=43200\r\nServer: cdn\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":508,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (507)","md5":"a4aaf3f64393cedddfcbd0ceee30bdbe","sha1":"ab83db21a4641f363090967bde631eefa47eed7c","sha256":"46bdb821cfb4a4bb4b1bd28d6491bad58e04f6099b1e2984aabbdbb1b2ed16f4","sha512":"8946b4e7609094b10c6b628e516d026750e45b59042baff53dc65001e23f918c9d05c5e9c9b96363cb57cce5d8c2de061f76ebf3ccd215dd4e6b2094738496fe","ssdeep":"","tlshash":"6df02414173d6108c3329176c8845e19d53fda229baf640bef8fa3220e8f2cd216dec6","first_seen":"2025-02-26T17:48:48.012853Z","last_seen":"2026-03-21T14:00:09.144174Z","times_seen":761,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"2vfoq85.0009tvfeipwp.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/assets/template1-pL0ohtZk.js","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:51.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"2vfoq85.0009tvfeipwp.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 05:02:26 GMT","end":"Tue, 03 Mar 2026 05:02:25 GMT"},"fingerprint":{"sha1":"A3:3A:56:69:97:65:1C:45:BB:DC:89:3F:43:C9:B2:E4:BC:E9:59:84","sha256":"26:D7:CE:BB:00:C8:FF:66:A7:9B:5C:C6:D6:D6:43:BE:AD:91:67:54:5C:13:5D:EB:0A:96:E7:70:85:10:A6:A3"}}},"request":{"raw":"GET /assets/template1-pL0ohtZk.js HTTP/1.1\r\nHost: 2vfoq85.0009tvfeipwp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 04 Dec 2025 05:22:52 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 28 Nov 2025 06:37:40 GMT\r\nVary: Accept-Encoding, Accept-Encoding\r\nETag: W/\"69294334-97a\"\r\nExpires: Thu, 04 Dec 2025 17:06:05 GMT\r\nCache-Control: max-age=43200\r\nServer: cdn\r\nX-Cache-Status: HIT\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2426,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2378)","md5":"28f840b8c0e07572c3d0cc4ff9f56e31","sha1":"2a67ffda379163ac0fde91f1f86e8bc45aa3ce12","sha256":"281f17960ce7f96e6b10d151b14f531b56e035e6032731a66f0ead9e2d6e30ec","sha512":"f2ca8adaa9759e8a7fbb2edece681a9a26c80505fe07ebc252d025ad6f7b4ce679a2f6ecf2acaf52c15cfe945c7eef8252af400baedd8b687f403476326eca9a","ssdeep":"","tlshash":"3341da8d7e385e7a53f208cb941e3040f93f42e6417c68956a7cdc222a84e62535f766","first_seen":"2025-11-28T14:32:22.634133Z","last_seen":"2026-01-31T02:45:17.396388Z","times_seen":11,"resource_available":true,"data":null}},"time_used":1614,"timings":{"blocked":695,"dns":22,"connect":222,"send":0,"wait":222,"receive":0,"ssl":450},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"2vfoq85.0009tvfeipwp.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com/images/NcP7FleMutKqholN.js","fqdn":"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"112.74.1.128","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:51.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.oss-cn-shenzhen.aliyuncs.com","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 22 Jul 2025 07:01:40 GMT","end":"Wed, 04 Feb 2026 03:21:01 GMT"},"fingerprint":{"sha1":"3B:A0:EC:9B:0B:4A:E5:D0:B1:BC:19:1A:9C:14:2C:D8:40:11:9D:AA","sha256":"F3:80:D3:C8:AF:53:07:42:0E:D1:3B:29:1E:56:9F:87:E5:63:3F:40:FF:E3:D7:3A:C2:60:73:13:AC:2A:DF:5B"}}},"request":{"raw":"GET /images/NcP7FleMutKqholN.js HTTP/1.1\r\nHost: uyagyuegr2.oss-cn-shenzhen.aliyuncs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2vfoq85.0009tvfeipwp.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Thu, 04 Dec 2025 05:22:52 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nx-oss-request-id: 69311AAC22DB573636BF2889\r\nLast-Modified: Tue, 02 Dec 2025 15:47:59 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 8786879320237586742\r\nx-oss-storage-class: Standard\r\nx-oss-ec: 0048-00000113\r\nContent-Disposition: attachment\r\nx-oss-force-download: true\r\nContent-MD5: ZsCCwRAfh1n/Dx85nWN++g==\r\nx-oss-server-time: 3\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":1027871,"size_decoded":0,"mime_type":"application/javascript","magic":"GIF image data, version 89a, 44739 x 49922","md5":"7e43f14b20faf59025346e858863c5fd","sha1":"36aaf6af5b41cb42a8171f64fd018de5e75f60bb","sha256":"55206c44374326f80eed2cde7898ff8944764f4f8fea5b4752f45b04d8c7e877","sha512":"bb4eeb7bebd7559d595a15a5071b6bcde83d36b744bd422ae4a1b8023aa09d14fcd62ed4da786a4a7309413038152c72036bf21e1b8263683fc5fc71777de78c","ssdeep":"24576:07WE6YHP8n+Z8NFBxOjvzpiVl30eI/ozv/qIyG3/10TLv3qjn:nPYHPjp4CL/ozv/qIb3l7","tlshash":"a06502025390f3b0d2f291fa68114ae06605db98e3dbbe50c538d6a12ddb23977de9d3","first_seen":"2025-12-04T01:52:25.984811Z","last_seen":"2025-12-16T07:34:41.083281Z","times_seen":5,"resource_available":false,"data":null}},"time_used":3300,"timings":{"blocked":867,"dns":37,"connect":275,"send":0,"wait":280,"receive":1284,"ssl":553},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com/images/2e7MM98BXxdDNxJ2.js","fqdn":"uyagyuegr2.oss-cn-shenzhen.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"112.74.1.128","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:51.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.oss-cn-shenzhen.aliyuncs.com","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 22 Jul 2025 07:01:40 GMT","end":"Wed, 04 Feb 2026 03:21:01 GMT"},"fingerprint":{"sha1":"3B:A0:EC:9B:0B:4A:E5:D0:B1:BC:19:1A:9C:14:2C:D8:40:11:9D:AA","sha256":"F3:80:D3:C8:AF:53:07:42:0E:D1:3B:29:1E:56:9F:87:E5:63:3F:40:FF:E3:D7:3A:C2:60:73:13:AC:2A:DF:5B"}}},"request":{"raw":"GET /images/2e7MM98BXxdDNxJ2.js HTTP/1.1\r\nHost: uyagyuegr2.oss-cn-shenzhen.aliyuncs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2vfoq85.0009tvfeipwp.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Thu, 04 Dec 2025 05:22:52 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nx-oss-request-id: 69311AAC51C5F931331409E8\r\nLast-Modified: Wed, 12 Nov 2025 12:01:35 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 8978476297588845087\r\nx-oss-storage-class: Standard\r\nx-oss-ec: 0048-00000113\r\nContent-Disposition: attachment\r\nx-oss-force-download: true\r\nContent-MD5: uDo4efsJD79qZi2RiyFQUg==\r\nx-oss-server-time: 4\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":378883,"size_decoded":0,"mime_type":"application/javascript","magic":"GIF image data, version 89a, 42691 x 49920","md5":"df20c161d9e2da5cbe2606fa344f584a","sha1":"53350399997d7adcb092ec2a6a1acd16d5edb167","sha256":"f847ecc3da3f5ce8292e8a58c629b4c8f500d3dc6bb5fa14f206beb323284874","sha512":"87371435e03eacdcaa958453915c6cf23644e3951b5cf3a8904028e6cbf27ff3e7771b3cb9940bf47bb406492e48f27aaeeb15060e122b2d5b99eec86f852d17","ssdeep":"12288:jf7zwP+RCMVkhZNkKLiJ0Yne+OXmFkeo0xHeHFKx:TE+O00+ezcEU","tlshash":"a7b4f102a1e0f374d37261f68e2116e05a57db94e7c77e50c638d2922d8b638b7de4d2","first_seen":"2025-11-12T23:55:18.808441Z","last_seen":"2025-12-21T04:07:50.966642Z","times_seen":39,"resource_available":false,"data":null}},"time_used":2838,"timings":{"blocked":844,"dns":30,"connect":271,"send":0,"wait":277,"receive":869,"ssl":544},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/assets/appinstall.js","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:51.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"2vfoq85.0009tvfeipwp.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 05:02:26 GMT","end":"Tue, 03 Mar 2026 05:02:25 GMT"},"fingerprint":{"sha1":"A3:3A:56:69:97:65:1C:45:BB:DC:89:3F:43:C9:B2:E4:BC:E9:59:84","sha256":"26:D7:CE:BB:00:C8:FF:66:A7:9B:5C:C6:D6:D6:43:BE:AD:91:67:54:5C:13:5D:EB:0A:96:E7:70:85:10:A6:A3"}}},"request":{"raw":"GET /assets/appinstall.js HTTP/1.1\r\nHost: 2vfoq85.0009tvfeipwp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2vfoq85.0009tvfeipwp.top/assets/index-Bie2Gu_t.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 04 Dec 2025 05:22:51 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 28 Nov 2025 06:37:40 GMT\r\nVary: Accept-Encoding, Accept-Encoding\r\nETag: W/\"69294334-b9e1\"\r\nExpires: Thu, 04 Dec 2025 17:06:05 GMT\r\nCache-Control: max-age=43200\r\nServer: cdn\r\nX-Cache-Status: HIT\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":47585,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (47585), with no line terminators","md5":"8a14913360cd89f0812ea4971df5a16b","sha1":"409a49517dfc31273a84977e1a852ef5ccd60063","sha256":"7c9895f2e57140b2a429c2b5df1eb51b2c0bf49f56365e198fb20a92fe79c1dd","sha512":"afdb6539176c82ae6d211655b974781f7854d7045af9e4f53d66c8c96860c3a0271c27115375c65e93e797585e4e04c9d61fa9464a58a211a0981b2583c0762e","ssdeep":"768:JKOpi9n0gWsgR/DUjVyMcamlyNWAa0kULOLOjOsO3Ow5l5W5P5M5ZgqDdL2fGjcZ:cOpil0gWxbzDqUHJFG+mSsZR1QeyDe","tlshash":"782310c879a2f8501766b172356fd47bf6ab6caaa488c90cd501f4dcfeb4118d533e88","first_seen":"2023-10-22T09:50:31Z","last_seen":"2026-04-03T21:02:00.970499Z","times_seen":6387,"resource_available":true,"data":null}},"time_used":238,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":237,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"2vfoq85.0009tvfeipwp.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/assets/template1-pL0ohtZk.js","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"46.149.193.96","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:51.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"2vfoq85.0009tvfeipwp.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 05:02:26 GMT","end":"Tue, 03 Mar 2026 05:02:25 GMT"},"fingerprint":{"sha1":"A3:3A:56:69:97:65:1C:45:BB:DC:89:3F:43:C9:B2:E4:BC:E9:59:84","sha256":"26:D7:CE:BB:00:C8:FF:66:A7:9B:5C:C6:D6:D6:43:BE:AD:91:67:54:5C:13:5D:EB:0A:96:E7:70:85:10:A6:A3"}}},"request":{"raw":"GET /assets/template1-pL0ohtZk.js HTTP/1.1\r\nHost: 2vfoq85.0009tvfeipwp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2vfoq85.0009tvfeipwp.top/assets/index-Bie2Gu_t.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 04 Dec 2025 05:22:51 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 28 Nov 2025 06:37:40 GMT\r\nVary: Accept-Encoding, Accept-Encoding\r\nETag: W/\"69294334-97a\"\r\nExpires: Thu, 04 Dec 2025 17:06:05 GMT\r\nCache-Control: max-age=43200\r\nServer: cdn\r\nX-Cache-Status: HIT\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2426,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2378)","md5":"28f840b8c0e07572c3d0cc4ff9f56e31","sha1":"2a67ffda379163ac0fde91f1f86e8bc45aa3ce12","sha256":"281f17960ce7f96e6b10d151b14f531b56e035e6032731a66f0ead9e2d6e30ec","sha512":"f2ca8adaa9759e8a7fbb2edece681a9a26c80505fe07ebc252d025ad6f7b4ce679a2f6ecf2acaf52c15cfe945c7eef8252af400baedd8b687f403476326eca9a","ssdeep":"","tlshash":"3341da8d7e385e7a53f208cb941e3040f93f42e6417c68956a7cdc222a84e62535f766","first_seen":"2025-11-28T14:32:22.634133Z","last_seen":"2026-01-31T02:45:17.396388Z","times_seen":11,"resource_available":true,"data":null}},"time_used":238,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"2vfoq85.0009tvfeipwp.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"504h13bbm1ehbx31qvxf.entsbio.com:6443/web/mfwjmbgc/jinshat/clicked/c/eyJjIjoiamluc2hhdGciLCJkIjp7fSwibSI6ImxDRVZGdDJaZGtJQUFBR2E1OUExb1FQWF9KWXRzTUFTLS0zUU40VHFidWxQNVNDczRlMDJzSHFVSmZYSkFyRWJWc2VBbzQwZFBFVmdDUWRIR1ZfVU1pcGZKaDdtSDBneU5BZms2SkxzZVV1cEdNSDMtOUJFZDkwdUdLYmZDZWtsIn0=?p=0\u0026ref=https%3A%2F%2F2vfoq85.0009tvfeipwp.top%2F%3FdTO0wBAcSPGYYRNQ\u0026ac=0\u0026cc=0\u0026channelCode=jinshatg","fqdn":"504h13bbm1ehbx31qvxf.entsbio.com","domain":"entsbio.com","tld":"com"},"ip":{"addr":"138.113.219.130","port":6443,"asn":54994,"as":"ML-1432-54994","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:56.918Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.entsbio.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 17:05:59 GMT","end":"Mon, 02 Mar 2026 17:05:58 GMT"},"fingerprint":{"sha1":"72:4D:2D:0F:5A:D1:F7:0D:2F:DF:A4:64:E7:39:85:58:79:8F:A7:9A","sha256":"15:B7:7C:6F:55:D8:B7:17:5F:E6:C8:A4:B3:10:C3:3B:70:8F:13:24:C8:A4:AC:1A:A2:EF:B1:E1:25:93:9D:B5"}}},"request":{"raw":"POST /web/mfwjmbgc/jinshat/clicked/c/eyJjIjoiamluc2hhdGciLCJkIjp7fSwibSI6ImxDRVZGdDJaZGtJQUFBR2E1OUExb1FQWF9KWXRzTUFTLS0zUU40VHFidWxQNVNDczRlMDJzSHFVSmZYSkFyRWJWc2VBbzQwZFBFVmdDUWRIR1ZfVU1pcGZKaDdtSDBneU5BZms2SkxzZVV1cEdNSDMtOUJFZDkwdUdLYmZDZWtsIn0=?p=0\u0026ref=https%3A%2F%2F2vfoq85.0009tvfeipwp.top%2F%3FdTO0wBAcSPGYYRNQ\u0026ac=0\u0026cc=0\u0026channelCode=jinshatg HTTP/1.1\r\nHost: 504h13bbm1ehbx31qvxf.entsbio.com:6443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://2vfoq85.0009tvfeipwp.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2vfoq85.0009tvfeipwp.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: NgxFence\r\ndate: Thu, 04 Dec 2025 05:22:57 GMT\r\ncontent-length: 0\r\naccess-control-allow-origin: https://2vfoq85.0009tvfeipwp.top\r\naccess-control-allow-credentials: true\r\nset-cookie: c-app-mfwjmbgc=1; Max-Age=315360000; Expires=Sun, 02 Dec 2035 05:22:57 GMT; Path=/web/mfwjmbgc/\nc-ch-68a8581ab9d3f75f66cd41ce=1; Max-Age=315360000; Expires=Sun, 02 Dec 2035 05:22:57 GMT; Path=/web/mfwjmbgc/jinshat/\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nvary: Origin, Origin\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":209,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":209,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2vfoq85.0009tvfeipwp.top/assets/index-DqUcHkYI.css","fqdn":"2vfoq85.0009tvfeipwp.top","domain":"0009tvfeipwp.top","tld":"top"},"ip":{"addr":"207.148.45.108","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:49.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"2vfoq85.0009tvfeipwp.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 05:02:26 GMT","end":"Tue, 03 Mar 2026 05:02:25 GMT"},"fingerprint":{"sha1":"A3:3A:56:69:97:65:1C:45:BB:DC:89:3F:43:C9:B2:E4:BC:E9:59:84","sha256":"26:D7:CE:BB:00:C8:FF:66:A7:9B:5C:C6:D6:D6:43:BE:AD:91:67:54:5C:13:5D:EB:0A:96:E7:70:85:10:A6:A3"}}},"request":{"raw":"GET /assets/index-DqUcHkYI.css HTTP/1.1\r\nHost: 2vfoq85.0009tvfeipwp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 04 Dec 2025 05:22:50 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 28 Nov 2025 06:37:40 GMT\r\nVary: Accept-Encoding, Accept-Encoding\r\nETag: W/\"69294334-3271\"\r\nExpires: Thu, 04 Dec 2025 17:04:16 GMT\r\nCache-Control: max-age=43200\r\nServer: cdn\r\nX-Cache-Status: HIT\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12913,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (12904)","md5":"2aeadb37be6a2e26e477c863822f9e75","sha1":"c7f1e2c1d0caf375ede0a6c47ce20d3bb8442a25","sha256":"b7e063cf07f2aa69ae2880306373377c2c7a30b18871ee2ece4ffe821f7fa99c","sha512":"fed6135f6d5895575d7e10612f07b043a1606441bc1a2ef6b86fca3257a39a736f9904e45006435ad0b7b0d50462048ef9ab04e60674e46994ba6a21f030e6b6","ssdeep":"384:m+mG7he7eMlQLTcOSidPlTcOSidPyHWfCIktKNw7:m+mv2qIGKm7","tlshash":"dd427304d245957caf03e7a183a691e8f27ca6a2dd11c5fcf25652855bc3bb41b3328b","first_seen":"2025-04-07T00:33:24.541633Z","last_seen":"2026-03-24T10:13:05.361165Z","times_seen":1939,"resource_available":false,"data":null}},"time_used":1741,"timings":{"blocked":745,"dns":1,"connect":247,"send":0,"wait":247,"receive":0,"ssl":498},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"2vfoq85.0009tvfeipwp.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://2vfoq85.0009tvfeipwp.top/?dTO0wBAcSPGYYRNQ","date":"2025-12-04T05:22:53.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.51.la","organization":"广州有啦网络科技有限公司"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 18 Mar 2025 04:08:22 GMT","end":"Sun, 19 Apr 2026 04:08:21 GMT"},"fingerprint":{"sha1":"AE:CB:32:71:EE:EE:E6:72:A4:88:B2:9F:4F:C4:E5:B5:A8:C2:73:6C","sha256":"7C:F1:09:2F:6A:8C:5B:F8:63:DF:D3:32:B0:F3:F8:E7:01:29:0E:F2:55:8B:4F:6C:58:55:8E:44:E9:EC:15:F4"}}},"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Length: 280\r\nOrigin: https://2vfoq85.0009tvfeipwp.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2vfoq85.0009tvfeipwp.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 210 No Reason Phrase\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://2vfoq85.0009tvfeipwp.top\r\naccess-control-allow-credentials: true\r\nserver: TencentEdgeOne\r\ncontent-length: 0\r\ndate: Thu, 04 Dec 2025 05:22:53 GMT\r\neo-log-uuid: 13372945885941955848\r\neo-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"No Reason Phrase","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":309,"timings":{"blocked":39,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}